GDPR Procedures

Your privacy is very important to us. This notice is provided by Triago and sets forth our policies for the collection, use, storage, sharing, disclosure and protection of personal data.

Global Data Protection Regulation – Privacy Policy Notice

Introduction

Your privacy is very important to us. This notice (this “Privacy Notice”) is provided by Triago Europe and its affiliates (“Triago” or “we” or “us”) and sets forth our policies for the collection, use, storage, sharing, disclosure (collectively, “processing”) and protection of personal data relating to you and or where you may be a current, prospective and / or former client or prospective client. This Privacy Notice is being provided in accordance with the requirements of data privacy laws, including the EU General Data Protection Regulation 2016/679 (“GDPR”), and any other law relating to privacy or the processing of personal data and any statutory instrument, order, rule or regulation implemented thereunder, each as applicable to us. References to “you” or a “client” in this Privacy Notice means any individual or client, or any individual or client connected with you who is a legal person (each such individual, a “data subject”), as applicable.

Identity and contact details of Data Controller

For the purposes of the GDPR, Triago is the controller of your data. If you have any queries regarding this policy or complaints about our use of your data, please contact us at the address below and we will do our best to deal with your complaint or query as soon as possible.

Triago Europe 5, rue Scribe 75009 Paris, France

e-mail: mail@triago.com

The types of personal data we may collect and use

The categories of personal data we may collect include names, e-mail addresses, residential addresses or other contact details, signature, nationality, place of birth, tax identification number, date of birth, photographs, copies of identification documents, bank account details, information about assets or net worth, credit history, source of funds details or other contact details or sensitive information, such as certain special categories of data contained in the relevant materials or documents you share with us.

How we collect personal data

We may collect personal data about you through: (i) information provided directly to us by you, or another person on your behalf; (ii) information that we obtain in relation to any transactions between you and us; (iii) information that you provide to us through using our web-site; and (iv) monitoring of telephone conversations and electronic communications with you as described below. We also may receive your personal information from third parties or other sources, such as our affiliates, publicly accessible databases or registers, tax authorities, governmental agencies and supervisory authorities, credit agencies, fraud prevention and detection agencies, or other publicly accessible sources, such as the Internet.

Using your personal data: the legal basis and purposes

We may process your personal data for the purposes of administering the relationship between you and us (including communications and reporting), direct marketing of our products and services, monitoring and analysing our activities, and complying with applicable legal or regulatory requirements (including anti-money laundering, fraud prevention, tax reporting, sanctions compliance, or responding to requests for information from supervisory authorities with competent jurisdiction over our business). Your personal data will be processed in accordance with Data Protection Law and may be processed with your consent, upon your instruction, or for any of the purposes set out herein, including where we or a third-party consider there to be any other lawful purpose to do so. Where personal data is required to satisfy a statutory obligation (including compliance with applicable antimoney laundering or sanctions requirements) or a contractual requirement, failure to provide such information may result in the termination of our relationship. Where there is suspicion of unlawful activity, failure to provide personal data may result in the submission of a report to the relevant law enforcement agency or supervisory authority. Exceptionally we may be requested or required to disclose to regulatory bodies details about you and the services we provide. As such, our disclosure of your personal data to us is on the legal basis of our performance of our compliance with a legal obligation or our legitimate interest in so doing.

How we may share your personal data

We may disclose information about you to our affiliates or third parties (where relevant) for our everyday business purposes, such as to facilitate transactions or respond to court orders and legal investigations. We will also release information about you if you direct us to do so. We may share your information with our affiliates for direct marketing purposes, such as offers of products and services to you by us or our affiliates. You may prevent this type of sharing by contacting us as described below (see “Who to contact about this Privacy Notice”). We may also disclose information about your transactions and experiences with us to our affiliates for their everyday business purposes. We do not share your information with non-affiliates for them to market to you.

Monitoring of communications

We may monitor telephone conversations and electronic communications with you for the purposes of: (i) ascertaining the details of instructions given, or any other relevant circumstances; (ii) ensuring compliance with our regulatory obligations; and/or (iii) detecting and preventing the commission of financial crime.

Retention periods and security measures

We will not retain personal data for longer than is necessary in relation to the purpose for which it is collected, subject to Data Protection Law. Personal data will be retained for a minimum period of five to seven years after the termination of our relationship, and we may retain personal data for a longer period for marketing our products and services or compliance with applicable law. From time to time, we will review the purpose for which personal data has been collected and decide whether to retain it or to delete if it no longer serves any purpose to us. To protect your personal information from unauthorized access and use, we apply organisational and technical security measures in accordance with Data Protection Law. These measures include computer safeguards and secured files and buildings. We will notify you of any material personal data breaches affecting you in accordance with the requirements of Data Protection Law.

International transfers

Because of the international nature of our business, personal data may be transferred to countries outside the EEA (“Third Countries”), such as to jurisdictions where we conduct business or have a service provider, including countries that may not have the same level of data protection as that afforded by the Data Protection Law in the EEA. In such cases, we will process personal data (or procure that it be processed) in the Third Countries in accordance with the requirements of the Data Protection Law, which may include having appropriate contractual undertakings in legal agreements with service providers who process personal data on our behalf in such Third Countries.

Your rights under Data Protection Law

You have certain rights under GDPR in relation to our processing of your personal data and these are, generally: (i) the right to request access to your personal data; (ii) the right to request rectification of your personal data; (iii) the right to request erasure of your personal data (the “right to be forgotten”); (iv) the right to restrict our processing or use of personal data; (v) the right to object to our processing or use where we have considered this to be necessary for our legitimate interests (such as in the case of direct marketing activities); (vi) where relevant, the right to request the portability; (vii) where your consent to processing has been obtained, the right to withdraw your consent at any time; and (viii) the right to lodge a complaint with a supervisory authority. You should note that your right to be forgotten that applies in certain circumstances under GDPR is not likely to be available in respect of the personal data we hold, given the purpose for which we collect such data, as described above. You may contact us at any time to limit our sharing of your personal information. If you limit sharing for an account you hold jointly with someone else, your choices will apply to everyone on your account.

Complaining to supervisory authorities

A complaint in respect of Triago may be made to the Information Commissioner’s Office in the respective countries of the incorporation of its affiliates.

Who to contact about this Privacy Notice

If you have any queries regarding this policy or complaints about our use of your data, please contact us at the e-mail address: mail@triago.com and we will do our best to deal with your complaint or query as soon as possible.